https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79096
--- Comment #2 from physiker at toast2 dot net ---

> On 16.01.2017 at 15:18, m.ostapenko at samsung dot com
> <gcc-bugzi...@gcc.gnu.org> wrote:
>
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79096
>
> Maxim Ostapenko <m.ostapenko at samsung dot com> changed:
>
>            What    |Removed                     |Added
> ----------------------------------------------------------------------------
>                  CC|                            |m.ostapenko at samsung dot com
>
> --- Comment #1 from Maxim Ostapenko <m.ostapenko at samsung dot com> ---
> Not sure it really worked, because dlopening an ASan'ed library from a
> non-sanitized binary without preloading libasan is a bad idea. For GCC
> versions 5 and 6 there wasn't any check against this for Darwin; GCC 7
> pulled it in with the last libsanitizer merge from LLVM (corresponding
> commit in LLVM: http://reviews.llvm.org/D18212). Have you tried to compile
> your library with clang btw?

For previous versions of gcc, setting DYLD_INSERT_LIBRARIES is not necessary.
Setting DYLD_INSERT_LIBRARIES as suggested for current versions of gcc 7 on the
x86_64-apple-darwin15.6.0 target does not solve the issue. On Linux, preloading
libasan has always been necessary for getting the example to work. I do not
know how to successfully preload libasan on Darwin.

It does not seem to work for the version of clang shipped with the operating
system (Apple LLVM version 8.0.0 (clang-800.0.42.1)), either:

gcc -v -dynamiclib -fPIC -fsanitize=address -I/System/Library/Frameworks/JavaVM.framework/Headers libTasan.c -o libTasan.jnilib -fno-inline -fno-omit-frame-pointer -g
Apple LLVM version 8.0.0 (clang-800.0.42.1)
Target: x86_64-apple-darwin15.6.0
Thread model: posix
InstalledDir: /Library/Developer/CommandLineTools/usr/bin
 "/Library/Developer/CommandLineTools/usr/bin/clang" -cc1 -triple x86_64-apple-macosx10.11.0 -Wdeprecated-objc-isa-usage -Werror=deprecated-objc-isa-usage -emit-obj -mrelax-all -disable-free -disable-llvm-verifier -discard-value-names -main-file-name libTasan.c -mrelocation-model pic -pic-level 2 -mthread-model posix -mdisable-fp-elim -masm-verbose -munwind-tables -target-cpu core2 -target-linker-version 274.2 -v -dwarf-column-info -debug-info-kind=standalone -dwarf-version=2 -debugger-tuning=lldb -resource-dir /Library/Developer/CommandLineTools/usr/bin/../lib/clang/8.0.0 -I /System/Library/Frameworks/JavaVM.framework/Headers -fdebug-compilation-dir /Users/Peter/Devel/jni/asan -ferror-limit 19 -fmessage-length 75 -fsanitize=address -fsanitize-blacklist=/Library/Developer/CommandLineTools/usr/bin/../lib/clang/8.0.0/asan_blacklist.txt -fno-assume-sane-operator-new -stack-protector 1 -fblocks -fno-inline -fobjc-runtime=macosx-10.11.0 -fencode-extended-block-signature -fmax-type-align=16 -fdiagnostics-show-option -o /var/folders/97/4qnhjhtn25s86s9hkz0h37_m0000gn/T/libTasan-2e658d.o -x c libTasan.c
clang -cc1 version 8.0.0 (clang-800.0.42.1) default target x86_64-apple-darwin15.6.0
#include "..." search starts here:
#include <...> search starts here:
 /System/Library/Frameworks/JavaVM.framework/Headers
 /usr/local/include
 /Library/Developer/CommandLineTools/usr/bin/../lib/clang/8.0.0/include
 /Library/Developer/CommandLineTools/usr/include
 /usr/include
 /System/Library/Frameworks (framework directory)
 /Library/Frameworks (framework directory)
End of search list.
libTasan.c:7:3: warning: array index 10 is past the end of the array (which contains 10 elements) [-Warray-bounds]
  stack_array[10] = 0;
  ^           ~~
libTasan.c:6:3: note: array 'stack_array' declared here
  int stack_array[10];
  ^
1 warning generated.
 "/Library/Developer/CommandLineTools/usr/bin/ld" -demangle -dynamic -dylib -arch x86_64 -macosx_version_min 10.11.0 -o libTasan.jnilib /var/folders/97/4qnhjhtn25s86s9hkz0h37_m0000gn/T/libTasan-2e658d.o /Library/Developer/CommandLineTools/usr/bin/../lib/clang/8.0.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib -rpath @executable_path -rpath /Library/Developer/CommandLineTools/usr/bin/../lib/clang/8.0.0/lib/darwin -lc++abi -lSystem /Library/Developer/CommandLineTools/usr/bin/../lib/clang/8.0.0/lib/darwin/libclang_rt.osx.a
 "/Library/Developer/CommandLineTools/usr/bin/dsymutil" -o libTasan.jnilib.dSYM libTasan.jnilib
bash-3.2$ java Tasan
==915==ERROR: Interceptors are not working. This may be because AddressSanitizer is loaded too late (e.g. via dlopen). Please launch the executable with:
DYLD_INSERT_LIBRARIES=/Library/Developer/CommandLineTools/usr/lib/clang/8.0.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib
==915==AddressSanitizer CHECK failed: /Library/Caches/com.apple.xbs/Sources/clang_compiler_rt/clang-800.0.42.1/src/projects/compiler-rt/lib/sanitizer_common/sanitizer_mac.cc:690 "(("interceptors not installed" && 0)) != (0)" (0x0, 0x0)
    <empty stack>
Abort trap: 6
bash-3.2$ DYLD_INSERT_LIBRARIES=/Library/Developer/CommandLineTools/usr/lib/clang/8.0.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib java Tasan
==918==ERROR: Interceptors are not working. This may be because AddressSanitizer is loaded too late (e.g. via dlopen). Please launch the executable with:
DYLD_INSERT_LIBRARIES=/Library/Developer/CommandLineTools/usr/lib/clang/8.0.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib
==918==AddressSanitizer CHECK failed: /Library/Caches/com.apple.xbs/Sources/clang_compiler_rt/clang-800.0.42.1/src/projects/compiler-rt/lib/sanitizer_common/sanitizer_mac.cc:690 "(("interceptors not installed" && 0)) != (0)" (0x0, 0x0)
    <empty stack>
Abort trap: 6

ls -l /Library/Developer/CommandLineTools/usr/lib/clang/8.0.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib
-rwxr-xr-x  1 root  admin  1543424  5 Dez 23:17 /Library/Developer/CommandLineTools/usr/lib/clang/8.0.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib

When the code is compiled by gcc version 6:

bash-3.2$ java Tasan
=================================================================
==953==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x700000219828 at pc 0x000122940e87 bp 0x7000002197c0 sp 0x7000002197b8
WRITE of size 4 at 0x700000219828 thread T0
    #0 0x122940e86 in Java_Tasan_crash libTasan.c:7
    #1 0x10bdb7573  (<unknown module>)
    #2 0x10bda9ffc  (<unknown module>)
    #3 0x10bda24e6  (<unknown module>)
    #4 0x10b0edbd1 in JavaCalls::call_helper(JavaValue*, methodHandle*, JavaCallArguments*, Thread*) (libjvm.dylib+0x2edbd1)
    #5 0x10b1249c9 in jni_invoke_static(JNIEnv_*, JavaValue*, _jobject*, JNICallType, _jmethodID*, JNI_ArgumentPusher*, Thread*) (libjvm.dylib+0x3249c9)
    #6 0x10b11d740 in jni_CallStaticVoidMethod (libjvm.dylib+0x31d740)
    #7 0x10a645930 in JavaMain (java+0x100003930)
    #8 0x7fff9df4e99c in _pthread_body (libsystem_pthread.dylib+0x399c)
    #9 0x7fff9df4e919 in _pthread_start (libsystem_pthread.dylib+0x3919)
    #10 0x7fff9df4c350 in thread_start (libsystem_pthread.dylib+0x1350)

Address 0x700000219828 is located in stack of thread T0 at offset 72 in frame
    #0 0x122940dbf in Java_Tasan_crash libTasan.c:5

  This frame has 1 object(s):
    [32, 72) 'stack_array' <== Memory access at offset 72 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow libTasan.c:7 in Java_Tasan_crash
Shadow bytes around the buggy address:
  0x1e00000432b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1e00000432c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1e00000432d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1e00000432e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1e00000432f0: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
=>0x1e0000043300: 00 00 00 00 00[f4]f4 f4 f3 f3 f3 f3 00 00 00 00
  0x1e0000043310: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1e0000043320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1e0000043330: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1e0000043340: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1e0000043350: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==953==ABORTING
Abort trap: 6

>> While running the file make.sh (included in the attachment) the error
>> message is:
>>
>> ==2099==ERROR: Interceptors are not working. This may be because
>> AddressSanitizer is loaded too late (e.g. via dlopen). Please launch the
>> executable with:
>> DYLD_INSERT_LIBRARIES=/usr/local/lib/libasan.4.dylib
>> "interceptors not installed" && 0./make.sh: line 7:  2099 Abort trap: 6
>> DYLD_INSERT_LIBRARIES=/usr/local/lib/libasan.4.dylib java Tasan
>>
>> Setting DYLD_INSERT_LIBRARIES as suggested (see the file make.sh) does not
>> make a difference.
>
> Strange. Are you sure /usr/local/lib/libasan.4.dylib exists on your system?
> I'm not sure how DYLD_INSERT_LIBRARIES works but assuming it works pretty
> much like LD_PRELOAD on Linux interceptors should work fine.

ls -l /usr/local/lib/libasan*
-rwxr-xr-x  1 root  wheel  1033884 15 Jan 12:36 /usr/local/lib/libasan.4.dylib
lrwxr-xr-x  1 root  wheel       15 15 Jan 12:36 /usr/local/lib/libasan.dylib -> libasan.4.dylib
-rwxr-xr-x  1 root  wheel     1209 15 Jan 12:36 /usr/local/lib/libasan.la
-rw-r--r--  1 root  wheel    10904 15 Jan 12:36 /usr/local/lib/libasan_preinit.o
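An added example, not from this bug report or from GCC: a small Python triage helper that tells the two kinds of stderr seen in this thread apart (the ASan runtime loaded too late through dlopen, versus a genuine stack-buffer-overflow report) and extracts the fields worth logging from a real finding. The sample outputs are constructed, trimmed copies of the reports above, with a placeholder runtime path.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed samples: trimmed copies of the two kinds of stderr seen in this thread.
RUNTIME_TOO_LATE = """==915==ERROR: Interceptors are not working. This may be because AddressSanitizer is loaded too late (e.g. via dlopen). Please launch the executable with:
DYLD_INSERT_LIBRARIES=/path/to/libclang_rt.asan_osx_dynamic.dylib
==915==AddressSanitizer CHECK failed: sanitizer_mac.cc:690 "(("interceptors not installed" && 0)) != (0)" (0x0, 0x0)
"""
REAL_FINDING = """==953==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x700000219828 at pc 0x000122940e87
WRITE of size 4 at 0x700000219828 thread T0
    #0 0x122940e86 in Java_Tasan_crash libTasan.c:7
    [32, 72) 'stack_array' <== Memory access at offset 72 overflows this variable
SUMMARY: AddressSanitizer: stack-buffer-overflow libTasan.c:7 in Java_Tasan_crash
"""

@dataclass
class AsanReport:
    kind: str                           # "runtime-not-preloaded", "finding" or "none"
    pid: Optional[int] = None
    bug: Optional[str] = None           # e.g. "stack-buffer-overflow"
    access: Optional[str] = None        # "READ" or "WRITE"
    size: Optional[int] = None          # bytes accessed
    frame0: Optional[str] = None        # innermost frame of the access, "func file:line"
    variable: Optional[str] = None      # overflowed stack object, when ASan names one
    preload_hint: Optional[str] = None  # runtime ASan asked to be inserted at launch

_ERROR = re.compile(r"^==(\d+)==ERROR: (.+)$", re.M)
_BUG = re.compile(r"AddressSanitizer: ([\w-]+)")
_ACCESS = re.compile(r"^(READ|WRITE) of size (\d+) at 0x[0-9a-f]+", re.M)
_FRAME0 = re.compile(r"^[ \t]*#0 0x[0-9a-f]+ in (.+)$", re.M)
_VAR = re.compile(r"\[\d+, \d+\) '([^']+)' <== Memory access")
_PRELOAD = re.compile(r"(?:DYLD_INSERT_LIBRARIES|LD_PRELOAD)=(\S+)")

def parse_asan_output(text: str) -> AsanReport:
    """Decide whether stderr shows ASan loaded too late or a genuine report."""
    m = _ERROR.search(text)
    if m is None:
        return AsanReport(kind="none")
    pid, msg = int(m.group(1)), m.group(2)
    if msg.startswith("Interceptors are not working"):
        # Runtime was dlopen'ed after process start: no finding, just the preload hint.
        p = _PRELOAD.search(text)
        return AsanReport(kind="runtime-not-preloaded", pid=pid,
                          preload_hint=p.group(1) if p else None)
    bug, acc = _BUG.search(msg), _ACCESS.search(text)
    fr, var = _FRAME0.search(text), _VAR.search(text)
    return AsanReport(kind="finding", pid=pid, bug=bug.group(1) if bug else None,
                      access=acc.group(1) if acc else None,
                      size=int(acc.group(2)) if acc else None,
                      frame0=fr.group(1) if fr else None,
                      variable=var.group(1) if var else None)
```

In a CI log filter, a "runtime-not-preloaded" result means the run produced no coverage of the sanitized library at all and should be treated as a harness failure, not a clean pass.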